CLAIMS 



1. A computer authentication protocol, comprising:

sending at least one certificate payload from a transmitting computer
to a receiving computer, the certificate payload including at least two
certificates each being generated by a respective certificate authority (CA), the
certificate authorities being independent of each other such that no trust
relationship exists between the CAs.

2. The protocol of claim 1, wherein the certificates are concatenated
together.

3. The protocol of Claim 2, wherein at least one certificate is associated
with a person and one certificate is associated with a host computer.

4. The protocol of Claim 1, further comprising sending at least one
identification (ID) payload between the computers, the ID payload being generated by
combining the IDs of at least two entities.

5. The protocol of Claim 4, further comprising sending at least one
signature payload between the computers, the signature payload being generated by
concatenating the signatures of at least two entities.

6. The protocol of Claim 4, wherein each signature is formed by applying
a pseudorandom function (PRF) to at least the associated ID to render a result, and 
then encrypting the result with a private key associated with the entity represented by 
the ID. 

7. A computer program device, comprising: 

a computer program storage device including a program of instructions 
usable by a computer, comprising: 

logic means for combining a first entity identification (ID) with a 
second entity ID to render an ID payload; and 

logic means for sending the ID payload to a computer along with at 
least one certificate payload. 

8. The computer program device of Claim 7, further comprising: 

logic means for generating a signature payload by concatenating at least 
two signatures of respective entities. 

9. The computer program device of Claim 8, wherein the means for 
generating a signature payload applies a pseudorandom function (PRF) to at least an 
ID associated with an entity to render a result, and then encrypting the result with a 
private key associated with the entity represented by the respective ID. 

10. A computer program device, comprising:

a computer program storage device including a program of instructions 
usable by a computer, comprising: 

logic means for generating a signature payload by concatenating at least 
two signatures of respective entities; and 

logic means for sending the signature payload to a computer along with 
at least one certificate payload. 

11. The computer program device of Claim 10, wherein the means for 
generating a signature payload applies a pseudorandom function (PRF) to at least an 
ID associated with an entity to render a result, and then encrypting the result with a 
private key associated with the entity represented by the respective ID. 

12. The computer program device of Claim 11, further comprising: 
logic means for combining a first entity ID with a second entity ID to
render an ID payload; and

logic means for sending the ID payload to a computer along with at 
least one certificate payload. 

13. A computer system for secure network authentication, comprising: 

at least one host certificate authority (CA) generating a host
authentication certificate for at least one host computer; and 

at least one user CA generating a user authentication certificate for at 
least one user, wherein the certificates can be combined into a certificate 
payload during an authentication process, the host CA not being in a trust 
relationship with the user CA and vice versa.

14. The system of claim 13, wherein the certificates are concatenated 
together to establish a certificate payload.

15. The system of Claim 14, wherein at least one certificate is associated 
with a person and one certificate is associated with a host computer.

16. The system of Claim 13, wherein the system sends at least one 
identification (ID) payload between the computers, the ID payload being generated by 
combining the IDs of at least two entities. 

17. The system of Claim 16, wherein the system sends at least one 
signature payload between the computers, the signature payload being generated by 
concatenating the signatures of at least two entities. 

18. The system of Claim 17, wherein each signature is formed by applying
a pseudorandom function (PRF) to at least the associated ID to render a result, and 
then encrypting the result with a private key associated with the entity represented by 
the ID. 